Index: head/security/snort/Makefile =================================================================== --- head/security/snort/Makefile (revision 557046) +++ head/security/snort/Makefile (revision 557047) @@ -1,130 +1,130 @@ # Created by: Dirk Froemberg # $FreeBSD$ PORTNAME= snort PORTVERSION= 2.9.16.1 CATEGORIES= security MASTER_SITES= https://snort.org/downloads/snort/ \ ZI PATCH_DIST_STRIP= -p1 MAINTAINER= dvl@FreeBSD.org COMMENT= Lightweight network intrusion detection system LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= daq>=2.0.0:net/daq LIB_DEPENDS= libpcre.so:devel/pcre \ libdnet.so:net/libdnet \ libpcap.so:net/libpcap RUN_DEPENDS= daq>=2.0.0:net/daq USES= bison cpe libtool pathfix shebangfix ssl USE_RC_SUBR= snort USE_LDCONFIG= yes SUB_FILES= pkg-message SHEBANG_FILES= tools/appid_detector_builder.sh GNU_CONFIGURE= yes MAKE_JOBS_UNSAFE= yes RULES_DIR= ${ETCDIR}/rules PREPROC_RULE_DIR= ${ETCDIR}/preproc_rules LOGS_DIR= /var/log/snort CONFLICTS_INSTALL= snort3-3.* OPTIONS_DEFINE= IPV6 GRE HA NORMALIZER DOCS APPID \ PERFPROFILE LRGPCAP SOURCEFIRE NONETHER \ FILEINSPECT OPTIONS_GROUP= ADDONS DEV OPTIONS_GROUP_ADDONS= BARNYARD PULLEDPORK OPTIONS_GROUP_DEV= DBGSNORT OPTIONS_SUB= yes OPTIONS_DEFAULT= GRE NORMALIZER BARNYARD \ PERFPROFILE SOURCEFIRE PULLEDPORK GRE_DESC= GRE support IPV6_DESC= IPv6 in snort.conf LRGPCAP_DESC= Pcaps larger than 2GB NONETHER_DESC= Non-Ethernet Decoders NORMALIZER_DESC= Normalizer PERFPROFILE_DESC= Performance profiling SOURCEFIRE_DESC= Sourcefire recommended build options APPID_DESC= Build with application id support (EXPERIMENTAL) HA_DESC= Enable high-availability state sharing (EXPERIMENTAL) FILEINSPECT_DESC= Build with extended file inspection features (EXPERIMENTAL) ADDONS_DESC= Depend on 3rd party addons BARNYARD_DESC= Depend on barnyard2 (supports also snortsam) PULLEDPORK_DESC= Depend on pulledpork DEV_DESC= Developer options DBGSNORT_DESC= Enable debugging symbols+core dumps DBGSNORT_CONFIGURE_ENABLE= corefiles debug DBGSNORT_MAKE_ENV= DONTSTRIP="yes" GRE_CONFIGURE_ENABLE= gre LRGPCAP_CONFIGURE_ENABLE= large-pcap NONETHER_CONFIGURE_ENABLE= non-ether-decoders NORMALIZER_CONFIGURE_ENABLE= normalizer PERFPROFILE_CONFIGURE_ENABLE= perfprofiling ppm SOURCEFIRE_CONFIGURE_ENABLE= sourcefire APPID_CONFIGURE_ENABLE= open-appid HA_CONFIGURE_ENABLE= ha FILEINSPECT_CONFIGURE_ENABLE= file-inspect BARNYARD_RUN_DEPENDS= barnyard2:security/barnyard2 PULLEDPORK_RUN_DEPENDS= pulledpork.pl:security/pulledpork APPID_LIB_DEPENDS= libluajit-5.1.so:lang/luajit APPID_CONFIGURE_ENV+= luajit_CFLAGS="-I${LOCALBASE}/include/luajit-2.0" \ luajit_LIBS="-L${LOCALBASE}/lib -lluajit-5.1" -.include - CONFIG_FILES= classification.config gen-msg.map reference.config \ snort.conf threshold.conf unicode.map file_magic.conf DOCS= RELEASE.NOTES doc/AUTHORS doc/BUGS doc/CREDITS \ doc/README* doc/USAGE doc/*.pdf PREPROC_RULES= decoder.rules preprocessor.rules sensitive-data.rules CFLAGS+= -fstack-protector CONFIGURE_ARGS+=--enable-reload \ --enable-mpls --enable-targetbased \ --enable-reload-error-restart post-patch: @${REINPLACE_CMD} "s,/etc/snort.conf,${ETCDIR}/snort.conf," \ ${WRKSRC}/src/snort.c ${WRKSRC}/snort.8 @${REINPLACE_CMD} -e 's|^dynamicdetection|#dynamicdetection|' \ -e '/ipvar HOME_NET/s/any/[YOU_NEED_TO_SET_HOME_NET_IN_snort.conf]/' \ -e '/^# include .PREPROC_RULE/s/# include/include/' \ ${WRKSRC}/etc/snort.conf +post-patch-IPV6-off: # IPv6 is no longer a ./configure option! -.if ! ${PORT_OPTIONS:MIPV6} @${REINPLACE_CMD} -e '/normalize_ip6/s/^preprocessor/#preprocessor/' \ -e '/normalize_icmp6/s/^preprocessor/#preprocessor/' \ ${WRKSRC}/etc/snort.conf -.endif post-build: @${FIND} ${WRKSRC}/src -name '*.0' -type f -exec ${STRIP_CMD} {} \; post-install: @${MKDIR} ${STAGEDIR}${ETCDIR} ${STAGEDIR}${RULES_DIR} ${STAGEDIR}${LOGS_DIR} \ - ${STAGEDIR}${PREPROC_RULE_DIR} ${STAGEDIR}${DOCSDIR} + ${STAGEDIR}${PREPROC_RULE_DIR} .for f in ${CONFIG_FILES} ${INSTALL_DATA} ${WRKSRC}/etc/${f} ${STAGEDIR}${ETCDIR}/${f}-sample .endfor .for f in ${PREPROC_RULES} ${INSTALL_DATA} ${WRKSRC}/preproc_rules/${f} ${STAGEDIR}${PREPROC_RULE_DIR}/${f}-sample .endfor + +post-install-DOCS-on: + @${MKDIR} ${STAGEDIR}${PREPROC_RULE_DIR} ${STAGEDIR}${DOCSDIR} (cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${STAGEDIR}${DOCSDIR}) .include Index: head/security/snort/pkg-descr =================================================================== --- head/security/snort/pkg-descr (revision 557046) +++ head/security/snort/pkg-descr (revision 557047) @@ -1,21 +1,21 @@ Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. Packets are logged in their decoded form to directories which are generated based upon the IP address of the remote peer. This allows Snort to be used as a sort of "poor man's intrusion detection system" if you specify what traffic you want to record and what to let through. For instance, I use it to record traffic of interest to the six computers in my office at work while I'm away on travel or gone for the weekend. It's also nice for debugging network code since it shows you most of the Important Stuff(TM) about your packets (as I see it anyway). The code is pretty easy to modify to provide more complete packet decoding, so feel free to make suggestions. -WWW: http://www.snort.org/ +WWW: https://www.snort.org/